package sshex

import (
	"errors"
	"net"
	"time"

	"golang.org/x/crypto/ssh"
)

const (
	// AuthorizedKeys are public keys that check against User CAs.
	AuthorizedKeys = "authorized_keys"
	// KnownHosts are public keys that check against Host CAs.
	KnownHosts         = "known_hosts"
	KeepAliveReqType   = "keepalive@openssh.com"
	ReadHeadersTimeout = time.Second
)

// ErrServerClosed is returned by the Server's Serve, ListenAndServe,
// and ListenAndServeTLS methods after a call to Shutdown or Close.
var (
	ErrServerClosed          = errors.New("ssh: Server closed")
	ErrKeyboardIntAuthFailed = errors.New("ssh: keyboard-interactive auth failed")
	ErrWrongSequence         = errors.New("ssh: wrong sequence")
	ErrPermissionDenied      = errors.New("ssh: permission denied")
)

type ConnectionFailedCallback func(conn net.Conn, err error)

type PasswordHandler func(ctx *ConnContext, password string) bool

type ChannelHandler func(ctx *ConnContext, conn *ssh.ServerConn, newChan ssh.NewChannel)

//RequestHandler 返回是否答复，以及答复结果和payload
type RequestHandler func(ctx *ConnContext, conn *ssh.ServerConn, req *ssh.Request) (reply, ok bool, payload []byte)

func Listen(address string) (net.Listener, error) {
	if address == "" {
		address = ":22"
	}

	return net.Listen("tcp", address)
}

//TwoFactorAuth
type TwoFactorAuth interface {
	Validate(user, passcode string) bool
}

//HostAccessChecker 验证用户是否可以访问指定的主机端口号，通常在处理'direct-tcpip'命令时调用
type HostAccessChecker interface {
	Check(user, address string) bool
}
